Coding Agent Backup Fixed 2026Q1
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is advertised as a local coding-agent helper, but it includes an undeclared Gemini API implementation with a hardcoded key and workflows for unsandboxed/background code agents.
Review carefully before installing. If you use it, remove or replace the hardcoded Gemini key, confirm whether index.js is actually invoked, run coding agents only in disposable or well-scoped git workdirs, avoid --yolo/no-approval modes, and review diffs before applying changes or posting results.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
User prompts could be processed under an undeclared provider credential with unclear ownership, quota, billing, revocation, and permission boundaries.
The code embeds a Google/Gemini API key and uses it for requests, while the registry declares no primary credential or required environment variable.
this.apiKey = "AIzaSyCKWm...Cp9dEjk0"; this.modelUrl = "https://generativelanguage.googleapis.com/v1/models/gemini-3.1-pro:generateContent";
Remove the embedded key, require a user-supplied scoped credential via a declared environment variable, and document exactly which provider account is used.
If this code is run, coding prompts or pasted code may leave the local environment for Google Gemini without the user realizing that provider is involved.
The included code sends the user's prompt to the Gemini API, but the SKILL.md and metadata focus on local coding CLIs and do not disclose this external provider flow.
const postData = JSON.stringify({ contents: [{ parts: [{ text: prompt }] }] }); ... https.request(requestUrl, options, (res) => {
Disclose the Gemini data flow clearly, make it opt-in, warn users not to include secrets, and provide controls for which files or prompt content may be sent.
Following these examples could let a background agent make broad code changes, including to sensitive modules, before the user reviews each action.
The documented workflow includes background coding-agent execution with auto-approval or no sandbox/no approvals, which can modify a project without per-change user confirmation.
`--full-auto` ... auto-approves in workspace; `--yolo` ... NO sandbox, NO approvals ... background:true command:"codex --yolo 'Refactor the auth module'"
Default to sandboxed execution, avoid --yolo, require explicit user confirmation before mutation or publishing, and instruct users to review diffs before applying changes.
Users may install or invoke the skill believing it only uses the named local CLIs, while included code points to a different external provider and credential model.
The user-facing description frames the skill around local coding-agent delegation, while the included index.js implements an undeclared Gemini API agent with a hardcoded key.
description: "Delegate coding tasks to Codex, Claude Code, or Pi agents via background process."
Align the documentation and implementation: either remove the Gemini code or prominently disclose it in the description, requirements, and credential contract.
